Entries with tag us cyberattacks.

US Task Force Reports Retailer-Focused Cyberattacks Not Coordinated

A newly-released government report found that the recent cyberattacks against US retailers were not coordinated. According to the report by the National Cyber Investigative Joint Task Force—an alliance of US law enforcement agencies such as the FBI, Secret Service, and Department of Homeland Security—the attacks were not a concerted attempt to harm the US economy. The task force is continuing to track attacks on retailers that use malware that targets payment systems. The report, which didn’t name victims, said retailers could have blocked malware that attacked vulnerable remote network-management software. “It sounds like they’re saying that Target didn’t segment their network properly,” Avivah Litan, a cybersecurity analyst at market-research firm Gartner Inc. told the Wall Street Journal. “It’s very difficult to manage all these remote access accounts. It’s very reasonable that Target thought it was properly protected.” (The Associated Press)(Wall Street Journal) 

Target Stores Hackers Gained Access via Contractor

The hackers who stole customer credit- and debit-card numbers from the Target company’s computer network late last year gained access via credentials stolen from a refrigeration and heating, ventilation, and air conditioning company that did contract work for the department-store chain. The US Secret Service is investigating the Pennsylvania-based Fazio Mechanical Services, which had access rights to Target’s system to enable remote temperature and energy use monitoring. Both Fazio and Target officials declined comment. Hackers were able to access Target point-of-sale devices via Fazio because Target didn’t segregate systems handling sensitive payment-card data from the rest of its network. Late last year, hackers stole credit- and debit-card data from as many as 110 million customers in November and December 2013. Target may be forced to ultimately pay $420 million for the breach, according to one Gartner analyst, which would cover various costs associated with the breach, including consumer credit monitoring and legal fees. (CNET)(Reuters)(Computerworld)(Krebs on Security)

Experts Debate Origins of Malware in Recent Attacks on Retailers

A security firm that originally tied malware used in the Target and Neiman Marcus cyberattacks to a Russian teenager is now backing off those claims. IntelCrawler had said that a St. Petersburg area teen not involved in the actual attacks wrote the  KAPTOXA or BlackPOS memory scraping malware. However, the company said this may not be the case after respected security blogger Brian Krebs wrote that he isn’t convinced the teenager wrote the malicious software.  The malware was reportedly created in March 2013, then placed online for others to take, alter, and utilize. It was used in a security breach in the Target department-store chain’s point-of-sales terminals, which yielded sensitive information for perhaps 70 million to 110 million customers. The Neiman Marcus luxury department store chain’s network was also compromised, as were retailers elsewhere in the US, as well as in Australia and Canada. (CNN @ KPHO)(Reuters)(BankInfoSecurity)(Krebs on Security)(Krebs @ Twitter)(Fox News)
 

Officials: Texas Arrests Unlikely to Aid in Netting Target Hackers

Although Texas police arrested two people at the Mexican border with 100 fake credit cards, some of which had debit- and credit-card numbers stolen in the recent network breach of the Target department-store chain, security experts say they are skeptical this will help authorities find the hackers responsible given what authorities characterize as “the vast, labyrinthine nature of the global market for stolen data.” These arrested suspects may have purchased the information they used on the online black market and have no knowledge of who hacked the Target system, according to law enforcement officials. Despite this, the US Secret Service is investigating whether there is a link between the Target attack and the Texas arrests. Typically, when criminals steal massive amounts of debit- or credit-card data, they sell it piecemeal online, said Chester Wisniewski, senior security adviser for the computer security firm Sophos. In the Target breach, hackers stole roughly 40 million debit and credit card numbers plus the personal information of about 70 million people. (Associated Press)(Reuters)

British Citizen Charged in Numerous US Hacking Incidents

US officials have charged a UK computer hacker with breaching thousands of computer systems, including US military and government networks, and stealing confidential data. They charged Lauri Love, 28, with one count of accessing a federal agency’s computer without permission and one count of conspiracy. US attorneys filed their case in New Jersey, the location of one of the servers that Love allegedly used. Love was arrested on 25 October in the UK. Between October 2012 and October 2013, Love and others allegedly placed back doors in networks they breached, which allowed them to re-enter and take data. They reportedly hacked networks including those run by the US Department of Defense’s Missile Defense Agency, the US Army Corps of Engineers, NASA, and the Environmental Protection Agency and allegedly took budget information and personal data on military and government personnel. Love faces US and UK charges related to other incidents. (Reuters)(Associated Press @ Washington Post)
 

Showing 5 results.